CVE-2025-34135

Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files

CVSS 5.1 MEDIUMEPSS 0.3%CWE-732

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

30 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by enabling unintended execution behaviors or facilitating abuse of service operations when combined with other weaknesses.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Nagios · XI

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.nagios.com/changelog/nagios-xi/https://www.nagios.com/products/security/#nagios-xi https://www.vulncheck.com/advisories/nagios-xi-overly-permissive-permissions-on-systemd-unit-files